finds.dev← search

// the find

infobyte/faraday

★ 6,649 · Python · GPL-3.0 · updated Jun 2026

Open Source Vulnerability Management Platform

Faraday is a vulnerability management platform that aggregates findings from 80+ security tools (nmap, Burp, Nessus, ZAP, etc.) into a shared database with a web UI, multi-user workspaces, and a CLI client. It's aimed at pentest teams who want to stop copy-pasting scan output into spreadsheets and start tracking findings collaboratively. The open-source edition exists, but the commercial product at faradaysec.com is clearly where the real feature investment goes.

- The plugin ecosystem is the genuine value here — 80+ parsers covering both live tool output (console plugins) and artifact imports (XML/JSON report plugins) means you can drop it into an existing workflow without rewriting anything.

- The agent dispatcher architecture lets you run scanners remotely and pipe results back to a central Faraday instance, which is the right design for distributed or cloud-based engagements.

- Multiple install paths that actually work: docker-compose for quick spin-up, deb/rpm packages with systemd integration, PyPI for scripted installs. The operations story is better than most security tools.

- Alembic migration history going back through dozens of versions shows the schema has been maintained properly rather than hand-edited — the 100+ migration files are a sign of longevity, not chaos.

- The OSS/commercial split is never explained in the README. Features shown in screenshots (executive reports, pipeline orchestration, JIRA integration, knowledge base) may require the paid tier — you won't find out until you're already committed to the deployment.

- The project is primarily hosted on GitLab and mirrored to GitHub; the real CI lives in .gitlab-ci.yml. GitHub issues and PRs are second-class citizens, which matters if you want to contribute or track bugs.

- The ecosystem is fragmented across at least three separate repos (faraday, faraday-cli, faraday_plugins, faraday_agent_dispatcher) with separate versioning. Getting them all compatible and updated together is a recurring tax.

- Integration guides for CI/CD are PDFs hosted on their marketing site, not markdown in the repo. PDFs go stale, can't be PRed, and disappear when they rebrand — not how a healthy open-source project documents itself.

View on GitHub → Homepage ↗

// want more like this?

We dig through GitHub every week and send a few repos picked for what you actually care about — each with an honest take like this one.

Get finds in your inbox → Search again →